Software applications typically include flaws or defects that cause the software to operate in an unintended or undesired manner. The flaws/defects in the code are often introduced inadvertently. For example, a flaw may be introduced due to a programming error, or because the code developer failed to comply with a recommended coding practice. Sometimes, however, a flaw/defect may be introduced purposefully. Regardless of how (i.e., unintentionally or purposefully) or why a defect is introduced, it can be exploited to gain unauthorized access to the software, to control the behavior of the software, and/or to access data associated with the software.
Static and dynamic vulnerability analysis techniques that can analyze the source code and/or one or more compiled binary files corresponding to a software application can be used to detect such vulnerabilities. A static analyzer that can analyze one or more compiled binary files corresponding to a software application is useful at least in situations where the source code is unavailable for a number of reasons, e.g., when the owner of the source code wishes not to disclose the source code to the tester performing the static analysis, when a portion of the binary files is obtained from a third party and the corresponding source code is not available from the third party, etc.
Dynamic analysis typically involves at least a partial execution of one or more binary files (also called binaries), and can detect flaws in the code by analyzing results produced by the software in response to one or more stimuli or inputs. As used herein, binary files are not limited to machine code only and may include files that are derived by processing source code and that include representations that are not source code representations, such as byte code, object code, intermediate representation, etc., where these representations are dependent on the respective programming languages used.
Large software systems often include dozens, hundreds, thousands, hundreds of thousands, or even more defects. The static and dynamic analyzers can identify many of these defects, but remedying each and every one of them can be costly and/or time consuming, and may be impractical in some situations. Not all defects, however, are equally critical, or even important. For example, some defects may not render data associated with the software vulnerable to unauthorized access, while other defects would. Some analysis techniques can rank the identified defects according to their severity and/or the danger they pose. Those defects that rank above a certain severity threshold may be analyzed/investigated further and/or remedied.
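The ranking and thresholding step described above, as an added illustration that is not part of this document and not any particular analyzer's implementation: findings from a static analyzer and a dynamic analyzer are merged when they refer to the same defect, scored by the analyzer's severity rating plus a penalty for defects that expose application data (and a small bonus when both analyzers corroborate the same defect), and only those at or above a chosen threshold are selected for further investigation. The finding records, the scoring weights and the threshold are all constructed for this example.

```python
"""Triage of static/dynamic analyzer findings by severity and data exposure.

Added example, not taken from the page. The scoring rule and every finding
record below are constructed assumptions chosen to illustrate the procedure.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str           # defect class reported by the analyzer (constructed labels)
    location: str       # where it was found: a symbol name or a binary offset
    severity: int       # 1 (low) .. 5 (critical), the analyzer's own rating
    exposes_data: bool  # can the defect grant unauthorized access to application data?
    source: str         # "static" or "dynamic", i.e. which analyzer reported it


def merge_findings(findings):
    """Group findings that refer to the same defect (same kind and location).

    The merged entry keeps the highest severity any analyzer reported, marks
    data exposure if any analyzer flagged it, and records which analyzers agree.
    """
    merged = {}
    for f in findings:
        key = (f.kind, f.location)
        entry = merged.setdefault(key, {
            "kind": f.kind,
            "location": f.location,
            "severity": 0,
            "exposes_data": False,
            "sources": set(),
        })
        entry["severity"] = max(entry["severity"], f.severity)
        entry["exposes_data"] = entry["exposes_data"] or f.exposes_data
        entry["sources"].add(f.source)
    return list(merged.values())


def risk_score(entry):
    """Constructed scoring rule (an assumption, not a standard):
    severity, plus 2 if the defect exposes data, plus 1 when both the
    static and the dynamic analyzer reported it (corroboration)."""
    score = entry["severity"]
    if entry["exposes_data"]:
        score += 2
    if {"static", "dynamic"} <= entry["sources"]:
        score += 1
    return score


def rank_defects(findings, threshold):
    """Return (selected, deferred): merged defects ranked highest score first,
    split at the threshold. 'selected' is the set worth further investigation."""
    ranked = sorted(merge_findings(findings),
                    key=lambda e: (-risk_score(e), e["location"]))
    selected = [e for e in ranked if risk_score(e) >= threshold]
    deferred = [e for e in ranked if risk_score(e) < threshold]
    return selected, deferred


# Constructed sample output of two analyzers run over the same binary.
# The same buffer overflow is reported by both, with different ratings.
SAMPLE_FINDINGS = [
    Finding("buffer-overflow", "parse_header", 5, True, "static"),
    Finding("buffer-overflow", "parse_header", 4, False, "dynamic"),
    Finding("unchecked-return", "log_write", 1, False, "static"),
    Finding("format-string", "render_error", 4, True, "dynamic"),
    Finding("integer-overflow", "alloc_buffer", 3, False, "static"),
    Finding("null-deref", "cleanup", 2, False, "dynamic"),
]

SEVERITY_THRESHOLD = 5  # constructed cut-off for this example


if __name__ == "__main__":
    selected, deferred = rank_defects(SAMPLE_FINDINGS, SEVERITY_THRESHOLD)
    print("Investigate further:")
    for e in selected:
        print(f"  score={risk_score(e)} {e['kind']} @ {e['location']} "
              f"sources={sorted(e['sources'])}")
    print("Deferred:")
    for e in deferred:
        print(f"  score={risk_score(e)} {e['kind']} @ {e['location']}")
```

With the constructed data, the corroborated, data-exposing buffer overflow scores 8 and the format string defect scores 6, so both are selected at a threshold of 5; the remaining three defects are deferred. The merge step matters in practice because the same defect reported by two analyzers would otherwise be triaged twice, and the lower of the two ratings could push it below the threshold.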